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SUMMARY & CONCLUSIONS 

The basic question which we address in this paper is how 
to choose among competing subsystems. This paper utilizes 
both reliabilities and costs to find the subsystems with the 
lowest overall expected cost. The paper begins by reviewing 
some of the concepts of expected value. We then address 
the problem of choosing among several competing 
subsystems. These concepts are then applied to k-out-of-n: 
G subsystems. We illustrate the use of the authors' basic 
program in viewing a range of possible solutions for several 
different examples. We then discuss the implications of 
various solutions in these examples. 

1. INTRODUCTION 

How does a design engineer or manager choose between 
a power subsystem with .990 reliability and a more costly 
subsystem with .995 reliability? When is the increased cost 
of a more reliable subsystem justified? 

High reliability is not necessarily an end in itself. High 
reliability may be desirable in order to reduce the statistically 
expected cost due to a subsystem failure. However, this may 
not be the wisest use of funds since the expected cost due to 
subsystem failure is not the only cost involved. To answer 
this question the engineer needs to consider not only the 
cost of the subsystem but also to assess the costs that would 
occur if the subsystem fails. These costs are weighted by the 
probability of their occurrence to yield the expected cost. 
We therefore minim i, the total of the two costs . i.e., the 
total of the cost of the subsystem plus the expected cost due 
to subsystem failure. 

Since this problem involves probabilistic decision making, 
we'll first review some aspects of probability and expected 
value. We'll then apply these procedures to a simple 
situation of choosing between two or more competing 
subsystems and show how to choose the best subsystem. 
These principles will then be applied to choosing from 
among various k-out-of-n:G subsystems. The authors have 
written a basic program (CARRAC) which enables the 
engineer to explore and graph various options. We'll 
illustrate the use of this program with several different cost 
models. 
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Notation 

n number of modules in the subsystem 
k minimum number of good modules for the subsystem 
to be good 

r reliability of the whole system for other than failure of 
the subsystem 

Cj loss due to failure of the subsystem 
C 3 cost of a one module subsystem capable of full output 
c 4 cost of a module in a k-out-of-n:G subsystem when k 
is fixed 

r si reliability of subsystem i, i = 1 , 2 , ... 
g(k) function relating cost of subsystem to the number of 
modules in subsystem 
p probability that a module is good 

q probability that a module fails or 1 -p 

C the total of the cost of the subsystem itself plus the 
expected cost due to subsystem failure 

2. EXPECTED VALUE 

Since much of the paper is founded upon the idea of 
expected value or 
fundamental uses 
of this concept in 
decision-making 
applications. 

Suppose that you 
may choose be- 
tween actions A 
and B. In this 
example, action A 
always results in a 
$1000 return to 
you. Then A has 
a value of $1000 
and we can say 
that the expected 
value of A, E(A), Figure 1 Example of Expected Value. 

is $1000. Action 

B, on the other hand, results in a return to you of either 
$500, outcome Bj, or $1500, outcome B 2 . This return is a 
random variable which depends upon circumstances beyond 
your control. The choices which you face are outlined in 
figure 1 . 

If Bj and B 2 are equally likely, i.e., Pr(B 1 ) = Pr(B 2 ) = .5 
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(where Pr means "probability of % then E(B) = $500xPr(B 1 ) 
+ $1500xPr(B2) = $50G(.5) + $1500(5) = $1000. If you use 
expected value as your criterion, then you would be indif- 
ferent as to choice A or B, since both have an expected 
value of $1000. Also note that, although B has an expected 
value of $1000, you never receive $1000. Half of the time 
you receive $500 and half of the time you receive $1500. 

Now suppose that the probabilities of Bj and B 2 are .4 and 
.6, respectively. Then E(B) = $500(.4) + $1500(.6) = $1100. 
If you use expected value as your criterion, you would 
choose B over A, since it has the higher expected value. In 
unusual circumstances, such as the need to repay $1000, you 
might choose A over B, even though A has the lower 
expected value. For these types of circumstances, we say 
that the certain return of $1000 has a higher expected utility 
to you than the expected utility associated with an expected 
value of $1100, where the return can be either $500 or 
$1500. For unusual circumstances, the procedures outlined 
in this paper can be applied using expected utility rather 
than expected value. For a more detailed discussion of 
utility, see [1]. 

Suppose instead that action A results in a cost of $1000 
while action B results in a cost of either $500 or $1500. We 
could, in a manner similar to that above, analyze actions A 
and B in terms of their expected costs. Our objective would 
be to minimize expected cost. Throughout the remainder of 
this paper we will use expected value or expected cost as our 
criterion. 

3. BALANCING TWO COSTS 

We will be using expected value as our criterion, namely 
the expected cost due to subsystem failure, shown as E{cost 
due to subsystem failure}. As with all expected values, this 
number depends upon both the dollar cost and the 
probability of its occurrence. Let c x be the dollar cost due 
to failure of the subsystem, including all costs incurred by 
subsystem failure (but not the cost of the subsystem itself). 
This number could be the entire cost of the main system 
(even greater in some circumstances) if failure of the 
subsystem resulted in complete failure of the main system. 
In other instances Cj could be less than the cost of the 
subsystem, e.g., cost of the subsystem resulted in only a 
partial failure of the main system. 

Now the expected cost due to subsystem failure is Cj times 
the probability that this cost will be experienced. If the main 
system fails (for other than failure of the subsystem) then 
there is no cost due to subsystem failure. For example, if 
we're considering a power subsystem in a rocket, the rocket 
may explode on the launch pad due to a fuel problem. Even 
if the power subsystem failed in flight, we would not 
experience this failure. Let r be the reliability of the main 
system (for other than failure of the subsystem) and let r s be 
the reliability of the subsystem. Then E{cost due to subsys- 
tem failure} = subsystem failure | main system good} 
Pr{main system good} = (^(l-r^r = rc^l-r^. 

We can minimize this expected cost by building a 


subsystem with an extremely low probability of failure, i.e., 
a subsystem with extremely high reliability. In this situation 
it is not dear that we should build the most reliable subsys- 
tem possible since this will minimize only the expected cost 
due to subsystem failure but does not consider the cost of 
the building the subsystem itself. To make this decision, we 
should not consider the two costs separately. We therefore 
minimize the total of the two costs. i.e.. the total of the cost 
of the subsystem plus the expected cost due to subsystem 
failure . The total quantity to be minimized is given by 

C = cost of the subsystem + E{cost due to subsystem 
failure} 

= cost of the subsystem + rc 1 (l-r s ). 

In minimizing C. we see that we are balancing the cost of 
the subsystem itself and the expected cost due to subsystem 
failure . 

4. SELECTING THE BETTER SUBSYSTEM 

As an example, suppose that we have two possible 
subsystems under consideration. Subsystem 1, which costs 
$200,000, has a .97 reliability. Subsystem 2, with a cost of 
$100,000, has a .94 reliability. Without further information 
and analysis, there is no clear "best" subsystem, and the 
choice is often based upon the amount budgeted for the sub- 
system. 

For further analysis, let’s assume that the two subsystems 
under consideration will be part of a main system which has 
a reliability (exclusive of the subsystem under consideration) 
of r = .96. We'll further assume that failure of the 
subsystem will result in a cost of Cj = $10,000,000. Let us 
first look at the E{cost due to subsystem failure} for each of 
the two subsystems. For subsystem 1, 

E{cost due to subsystem failure} = rCjPrf subsystem 
failure} - rc 1 (l-r sl ) = .96x$10, 000,000x03 = $288,000. 
For subsystem 2, 

E{cost due to subsystem failure} - rc 1 (l-r s2 ) = 
.96x$10, 000, 000x.06 = $576,000. 

Since subsystem 2 is less reliable than subsystem 1 it has a 
higher expected cost. However, since 2 is also less 
expensive, we need to compare the overall expected cost, C, 
for 1 and for 2. For subsystem 1, 

C sl = $200,000 + $288,000 = $488,000. 

For subsystem 2, 

C s2 = $100,000 + $576,000 = $676,000. 

Since C sl < C s2 , we select subsystem 1 over subsystem 2. 

5. K-OUT -OF-N:G SUBSYSTEMS 

We'll now direct our attention to a specific type of 
subsystem, called a k-out-of-n:G subsystem. Such a 
subsystem has n modules, of which k are required to be 
good for the subsystem to be good. As an example consider 
the situation where the engineer has a certain power 
requirement. He may meet this requirement by having one 
large power module, two smaller modules, etc. The number 
of modules required is called k. For example, the engineer 
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may decide that k = 4. Then each module is 1/4 of the full 
required power. Therefore, the subsystem must have 4 or 
more modules for the full required power. The number of 
modules used in the subsystem is called n. For example, an 
n = 6 and k = 4 subsystem would have 6 modules each of 
1/4 power and thus would have the output capability of 1.5 
times the required power. The engineer chooses n and k. 
Selection of the different values of n and k results in 
different subsystems, each with different costs and reliabilit- 
ies. Since each n and k yields different subsystems with 
different costs, we can choose the subsystem (the n and k) 
which will minimize cost C. 

Assumptions for k-out-of-n:G subsystems 

1. The probability of failure of any module in the 
system is not affected by the failure of any other 
module, i.e, the modules are s-independent. 

2. There is a k-out-of-n:G subsystem where each of 
the modules has the same probability of success. 

3. Failure of the subsystem results in a loss of Cj; 
Cj includes all losses incurred due to subsystem 
failure but not the cost of the subsystem itself. 

5.1 MODEL 1 

For model 1 we assume that k is fixed and that each 
module costs c 4 . Now E{cost due to subsystem failure} = 
rcjPr{subsystem failure} = rcj Pr{X<k} = rcj binf(k-l; 
p,n). Since C = cost of subsystem + E{cost due to 
subsystem failure}, then C = nc 4 + rcj binf(k-l;p,n). 

The authors have written a Basic program (CARRAC) to 
find the n which minimizes C. Additionally CARRAC will 
graph C as a function of either p or c x and graphs the best 
subsystems (i.e. the ones with the lowest C's) over ranges of 
p or Cj. This allows you to not only select the best 
subsystem for a particular value of p or but also to view 
what happens to C for nearby values of p or c x . 

As an example, consider the situation when k = 1, that is 
only one module is required to be good for the subsystem to 
be good. The reliability of this single module is estimated to 
be .95 (p = .95). Let the reliability of the system for other 
than failure of the subsystem be .9 (r = .9). The cost of 
one module is 1 (c 4 = 1) million dollars. The cost due to 
failure of this subsystem is 10 (cj = 10) million dollars. 

Figure 2 shows a plot of C for .79 < p < .99 and n's of 1 
through 4. When the reliability of a single module is p = 
.95, then the n = 1 subsystem has the lowest value of C. 
Therefore the best subsystem is the one with no spares. We 
see from figure 2 that the n = 1 subsystem has the lowest 
value of C for any p > .87. If p < .87, then n = 2 (one 
spare) has the lowest value of C. 


Figure 2 {Cost of Subsystem plus Expected Cost Due to 
Subsystem Failure} vs Reliability of a Single Subsystem 
Module. 

Now suppose instead that Cj (cost due to failure of the 
subsystem) is 50. Figure 3 shows the plot of C for c x = 50. 
We first note that if p = .95, then the n = 2 subsystem (one 
spare) is the best. Comparing figures 2 and 3 (at p = .95) 
we see that the larger value of Cj (in figure 3) requires a 
larger value of n. In general, if the cost of subsystem fail- 
ure increases, then more redundancy is required. If .83 < p 

< .98, figure 3 shows that the n = 2 subsystem is best. If p 

< .83 then still more redundancy (n=3) is required. If p > 
.98, then no redundancy (n=l) is required. 
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Figure 3 {Cost of Subsystem plus Expected Cost Due to 
Subsystem Failure} vs Reliability of a Single Subsystem 
Module. 


5.2 MODEL 2 

Assumptions 

Same as model 1 except: 

1. We are free to choose k in our subsystem. 

2. The cost of a k-module subsystem is g(k). 

3. Each module in the subsystem costs C 3 g(k)/k. 
Since there are n modules in the subsystem, the 
cost of the subsystem = nc 3 g(k)/k. Therefore C 
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= cost of subsystem + E{loss due to subsystem 
failure} = nc3g(k)/k + rcj binf(k-l; p,n). 

We note that g(k) usually increases in k, since it is 
generally more expensive to have subsystems consisting of k 
smaller elements than to have a subsystem consisting of a 
single large module. As an example of model 2, suppose we 
are building a space electrical power subsystem. The cost 
due to subsystem failure, c x , is 240. Let the reliability of the 
system for other than failure of the subsystem be .9 (r = .9). 
Suppose that the cost of building a single module capable of 
full power is 1 (C3 = 1). A rough rule of thumb says that 
the cost of smaller modules for a space electrical power 
subsystem is proportional to the electrical power raised to 
the .7, i.e., g(k) = k(l/k)' 7 Therefore, a subsystem 
consisting of a single module capable of full power would 
cost C3g(l) = C3l(l/1)‘ 7 = I.OC3, a subsystem consisting of 2 
modules, each of 1/2 power, would cost 0^(2) = 
C32(l/2)* 7 = I.23C3 to build, etc. An n = 3 and k = 2 


Figure 4 {Cost of Subsystem plus Expected Cost Due to 
Subsystem Failure} vs Reliability of a Single Subsystem 
Module. 

subsystem, i.e., one having 3 modules each of 1/2 power, 
would cost ncj g(k)/k = 3xl.23c3/2 = I.85C3 to build. An 
estimate of p, the reliability of an individual module, is .96. 
If we are unsure of this estimate, we can use CARRAC to 
view (figure 4) the best subsystems over p ranging from .89 
to .99. From figure 4, at p = .96, the n = 2, k = 1 
subsystem is best (lowest value of C). If p < .95, the n = 4, 
k = 2 subsystem is best. Note this is a flatter curve over the 
range of p, indicating a low value for C over a wide range of 
P* 

For the example, suppose we wish to view what happens 
to C as varies. Possibly we are fairly confident about our 
estimate of p = .96 but unsure about our estimate of c x . 
Figure 5 shows, if is below 310, that the n = 2, k = 1 sub- 
system is best. However, for 310 < Cj < 400, the n = 5, k 
= 3 subsystem is the best. For > 400 the n = 4, k = 2 
subsystem is the best. This type of analysis can be used 
whenever you are unsure of c x and wish to consider a wider 
range of values. 
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Figure 5 {Cost of Subsystem plus Expected Cost Due to 
Subsystem Failure} vs (Discounted) Cost of Subsystem 
Failure. 


6. OTHER MODELS AND THE BASIC PROGRAM 

CARRAC can be used to explore near optimal solutions 
for the three other cost models presented by Suich & 
Patterson [2,3]. These other models cover time dependency 
and situations with and without salvage value. The authors 
have sent copies of the CARRAC to selected organizations 
in the United States for initial testing. If you or your organi- 
zation are interested in participating, please contact Richard 
Patterson. It is anticipated that CARRAC will be available 
in the future through NASA's Computer Software 
Management and Information Center (COSMIC). 
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